Wednesday, July 3, 2013

Properly Formatting Dates When DataBinding to a MaskedTextBox Control

Sometimes a MaskedTextBox control in a Windows Form does not display a date correctly when you bind it to a DateTime value. The leading zeroes of the date are removed when you run the program, as in the example below:


The solution is to apply the format string you want the date displayed in before databinding the MaskedTextBox control to the DataSet at runtime. Check out the code below (txtDateHired is the name of the MaskedTextBox control):

Binding dateHired = new Binding("Text", ds, "Employees.DateHired");
dateHired.FormattingEnabled = true;
dateHired.FormatString = "MM/dd/yyyy";
txtDateHired.DataBindings.Add(dateHired);

Using this code, the dates will display properly on the form when using a MaskedTextBox control as part of your User Interface.

Wednesday, June 12, 2013

"Parameter is not valid" Error when retrieving a Photo From SQL Server Database in C#

I have been banging my head trying to solve an error in a .Net app I am developing. The scenario is that I am trying to capture an image using a webcam and display the image in a PictureBox control. Saving the image into the database runs smoothly. But after retrieving the image and displaying it in a PictureBox control, this one pops up:

The image was not displayed. Debugging the code brought me to this line, supposedly the culprit of the code:

picBox.Image = Image.FromStream(stream);

I had been googling around for a solution but found nothing. It had been 2 days already. Fortunately, my brain cells started to fire up; I inspected the code thoroughly and found out that the real culprit was the insertion of the image into the database. The image is of VarBinary(MAX) datatype in my table, by the way. Upon inspecting the procedure that inserts the image, I found out that the error was in the SQL parameter declaration, particularly the size of the datatype. Refer to the code below.

Error Code:

cmd.Parameters.Add(new SqlParameter("@Photo", SqlDbType.VarBinary, 100)).Value = ImageToByteArray(picBox.Image);

Correct One:

cmd.Parameters.Add(new SqlParameter("@Photo", SqlDbType.VarBinary, 2147483647)).Value = ImageToByteArray(picBox.Image);

As you can see, the difference is the datatype size plugged into the SQL parameter. With the previous code, saving the image into the database does not give an error at runtime, but the resulting image (the byte representation in the column of the table) is not correct. This is why retrieving the image and displaying it in a PictureBox control gives a "Parameter Not Valid" error at runtime. The reason is that the DataLength of the image being saved into the database is more than the 100 allowable size that was defined in the previous code. So to solve the issue, just modify the int size defined for the data type in the SQL parameter. This solved the issue in my case. The result is a big SMILE!!! :-)

Wednesday, January 16, 2013

Great opportunity for online business

I signed up for this great online business opportunity called BannersBroker. Now, I have an extra package worth $50 on my account and would like to transfer this amount for free to the first person who signs up under me on this business. All you have to do is sign up under this link - BannersBroker. Please watch the video and familiarize yourself with the business before signing up. Below is the screenshot of the $50 package that is ready for transfer.
Now grab this business opportunity. You have nothing to lose!! Have a great day!

Tuesday, October 16, 2012

Monetize Your Blogs and Websites

If you have blogs or websites that you want to generate passive income for you, just sign-up for this interesting business opportunity offered by RevResponse Affiliate Program. What is RevResponse? RevResponse offers a complete monetization system to business and technology site owners. Instead of traditional contextual ads, they provide publishers with free eBooks, magazines and white papers that relate to readers' interests and are relevant to the sites' content. Simply integrate their monetization tools and get paid anywhere from $1.50 to $20 per lead for simply sharing the valuable resources they provide to your audience. Get paid to give your audience free resources! To sign-up for RevResponse and earn while doing nothing please click the image below:

Tuesday, September 25, 2012

Free Website Submission

If you want free submission for your site, there are lots of sites on the web that offer it. One of these that I like is Active Search Results. They offer free site submission and provide other features that will make your site rank higher in their search results. So check them out.

Tuesday, October 25, 2011

Memory Leak in a Microsoft .Net Code

I tested my application to run overnight with a background process using a timer control. I had it run overnight and in the morning, after checking, I found a message on my screen stating "Unhandled Microsoft .Net Framework Exception occurred in HiTBP.exe [616]". Of course the application is not running anymore. I was wondering what went wrong.

Immediately after reading the exception, I fired up my Visual Studio 2010 IDE and opened the project. I inspected every procedure with a timer control on the main form and ran it. After several minutes, I figured out what was causing the problem. See the code below:

Private Sub TimeOutTimer_Tick(sender As System.Object, e As System.EventArgs) Handles TimeOutTimer.Tick
    Try
        Dim frm As New frmTimeClock ' - This line here is the one causing the problem

        If Auth.CheckLogOutStatus = True Then
            AppInfo.IsShowLoginForm = True
            ' Executing clocking out procedure without showing the TimeClock Form
            frm.ClockOut()
        Else
            Exit Sub
        End If
    Catch ex As Exception
        MessageBox.Show(ex.Message)
        Log.LogInformation(Now & " - Error " & Err.Number & " (" & Err.Description & ") on line number " & Erl() & " in procedure TimeOutTimer_Tick of Main Menu Form")
    End Try
End Sub

The problem with the code above is that a new form is instantiated every time the timer ticks, which is every 3 seconds. Each tick consumes around 240K of memory, and the usage keeps accumulating. After opening the Task Manager and Processes Tab, here's what I get after execution:


To fix the issue I modified the code above to the following:

Private Sub TimeOutTimer_Tick(sender As System.Object, e As System.EventArgs) Handles TimeOutTimer.Tick
    Try
        If Auth.CheckLogOutStatus = True Then
            AppInfo.IsShowLoginForm = True
            ' Executing clocking out procedure without showing the TimeClock Form
            Dim frm As New frmTimeClock
            frm.ClockOut()
        Else
            Exit Sub
        End If
    Catch ex As Exception
        MessageBox.Show(ex.Message)
        Log.LogInformation(Now & " - Error " & Err.Number & " (" & Err.Description & ") on line number " & Erl() & " in procedure TimeOutTimer_Tick of Main Menu Form")
    End Try
End Sub


You will have noticed that I moved the "Dim frm As New frmTimeClock" line inside the "If" block, so the form is instantiated only when the condition is met (True). The lesson is to instantiate a form only when it is actually needed, especially inside a Timer control procedure. This avoids a memory leak in the software you are developing.

After modifying the code, my application stabilizes around 25,000 K. Not bad for a huge WinForms application. :-)


Wednesday, September 21, 2011

What is SQL Injection and how to avoid it?

One of the greatest security loopholes, and a cause of great damage to computerized systems, is a hacking technique called SQL injection.

According to Wikipedia's definition, SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application (like queries). The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It happens from using poorly designed query language interpreters.

Hackers use this technique to inject malicious code into statements that are executed dynamically on SQL Servers, often from accounts with higher privileges. This attack is possible when you construct your SQL code by concatenating strings.

For example, the VB.Net code below builds its query by concatenation, which is the pattern to avoid:

Dim cmd As SqlCommand = New SqlCommand
Dim ID As Integer

'Opening database connection
con.Open()

With cmd
    'Pattern to avoid: the value is concatenated into the SQL text
    .CommandText = "SELECT Name FROM Customers WHERE ID= '" & ID & "'"
    .CommandType = CommandType.Text
    .Connection = con
    .ExecuteScalar()
End With

'Closing database connection
con.Close()
con = Nothing

Do not build SQL statements this way for your SqlDataAdapter or SqlCommand. Instead of concatenating strings into the statement, pass the value through a SQL parameter, like this:

Dim cmd As SqlCommand = New SqlCommand
Dim ID As Integer

'Opening database connection
con.Open()

With cmd
    .CommandText = "SELECT Name FROM Customers WHERE ID=@ID"
    .CommandType = CommandType.Text
    .Connection = con
    'Int is a fixed-size type, so no size argument is needed
    .Parameters.Add("@ID", SqlDbType.Int).Value = ID
    .ExecuteScalar()
End With

'Closing database connection
con.Close()
con = Nothing

The second one avoids SQL injection. Hackers don't have an entry point because the variable is never exposed inside the SQL statement: the statement text stays fixed, and the value is passed separately as a typed parameter, so it is treated as data rather than as SQL. I hope this helps you build a better implementation in your .Net code.
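
An added example, not code from the original post: it treats the ID as text arriving from the user interface (an assumption; the post declares it as an Integer) to show the two approaches side by side, plus the strong typing step the Wikipedia definition mentions. The module name, the function names and the sample inputs are constructed for illustration; the commands are only built, never executed, so no database is needed.

```vbnet
Imports System
Imports System.Data
Imports System.Data.SqlClient

Module SqlInjectionDemo
    ' Pattern to avoid: the raw text becomes part of the SQL statement itself.
    Function BuildConcatenated(rawId As String) As String
        Return "SELECT Name FROM Customers WHERE ID= '" & rawId & "'"
    End Function

    ' Hardened form: strongly type the input first, then bind it as a parameter.
    ' Returns Nothing when the input is not a valid integer.
    Function BuildParameterized(rawId As String) As SqlCommand
        Dim id As Integer
        If Not Integer.TryParse(rawId, id) Then Return Nothing

        Dim cmd As New SqlCommand("SELECT Name FROM Customers WHERE ID=@ID")
        cmd.Parameters.Add("@ID", SqlDbType.Int).Value = id
        Return cmd
    End Function

    Sub Main()
        ' Constructed sample inputs, as they might arrive from a text box.
        Dim samples As String() = {"42", "42' OR '1'='1"}

        For Each raw As String In samples
            Console.WriteLine("Input:         " & raw)
            ' With the second sample, the quote closes the literal early and
            ' the rest of the input is parsed as SQL.
            Console.WriteLine("Concatenated:  " & BuildConcatenated(raw))

            Using cmd As SqlCommand = BuildParameterized(raw)
                If cmd Is Nothing Then
                    Console.WriteLine("Parameterized: rejected, not an integer")
                Else
                    ' The SQL text is identical for every input; only @ID changes.
                    Console.WriteLine("Parameterized: " & cmd.CommandText &
                                      "  [@ID = " & cmd.Parameters("@ID").Value.ToString() & "]")
                End If
            End Using
            Console.WriteLine()
        Next
    End Sub
End Module
```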